libct/cg/sd/v2: Destroy: remove cgroups recursively

Currently, we can create subcgroup in a rootless container with systemd cgroupv2 on centos8. But after the container exited, the container cgroup and its subcgroup will not be removed. Fix this by removing all directories recursively. Fixes: #3225 Signed-off-by: Kang Chen <kongchen28@gmail.com> [kolyshkin: cherry picked from commit 7758d3f, changing the code to use cgroups.RemovePath().] Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
opencontainers · Nov 30, 2021 · 2c30069 · 2c30069
1 parent 02d2e1f
commit 2c30069
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/libcontainer/cgroups/systemd/v2.go b/libcontainer/cgroups/systemd/v2.go
@@ -5,7 +5,6 @@ package systemd
 import (
  "fmt"
  "math"
- "os"
  "path/filepath"
  "strconv"
  "strings"
@@ -307,9 +306,10 @@ func (m *unifiedManager) Destroy() error {
  return err
  }
 
- // XXX this is probably not needed, systemd should handle it
- err := os.Remove(m.path)
- if err != nil && !os.IsNotExist(err) {
+ // systemd 239 do not remove sub-cgroups.
+ err := cgroups.RemovePath(m.path)
+ // cgroups.RemovePath has handled ErrNotExist
+ if err != nil {
  return err
  }